My question is:

Specifically, how do I configure traefik to double proxy through keycloak gatekeeper to authenticate my services as outlined below?

I know my authentication chain looks like the title suggests but I'm completely missing the configuration requirements for traefik to point to keycloak gatekeeper, et al.

background:

I'm building a fairly complicated development home lab and trying to implement keycloak authentication/authorization behind a traefik proxy. My network layout is such that I'm afforded name resolution via local dnsmasq, so IP/name resolution is not a problem. See here for my network setup.

The basic Layout is like this-ish:

  • dnsmasq listens on localhost and dhcp (when connected) and a private network (i.e. 127.0.0.1, 10.x.x.x and optionally 192.x.x.x)
  • traefik listens on :80/443 and routes to my services on the private (10.x.x.x) network just fine - similarly over my docker custom network. No problems.
  • keycloak works just fine routing to services on its own (when traefik is shut down and I use keycloak.js or other mechanisms)

There are a lot of moving parts here so I've tried to simplify this question as much as possible.

Any and all help is welcome.

Jan Garaj
  • Ok, I figured it out a while ago. I'm adding this comment to state that I'll answer this question in the not so distant future with a full howto. Likely in the next few weeks. – Karl N. Redman Apr 28 '19 at 19:45
  • Any update on this? Doing something quite similar shortly so interested in the solution you ended up with. – James May 09 '19 at 09:55
  • @James sorry for the delay. I'll post an answer back here for this specific question within 48 hours. Basically, for me, it came down to understanding how the gatekeeper works on behalf of the keycloak instance. I'm sorry that I don't have a quick answer yet - although I'm writing everything up as I go. I'll share ASAP. – Karl N. Redman May 09 '19 at 10:26
  • Ugh, ok, I'm working on some of the documentation now. Sorry for the delay. One thing that might help in the meantime is: https://github.com/ibuetler/docker-keycloak-traefik-workshop – Karl N. Redman May 15 '19 at 20:19

1 Answer

I'm closing out this question.

The answer is fairly complicated. I commented on my post with a reference to a project that was helpful in figuring things out. I am still working on some documentation that will be helpful for others/myself in the future but that is going to take some time.

Also, I have created a few diagrams that might be helpful for understanding the layout and the flow for creating clients that will work with gatekeeper.